Davis Wright Tremaine LLP HIT Legal Issues: HIPAA Implications to a Regional Health Information Organization Becky Williams, R.N., J.D. Partner, Co-Chair,

Presentation transcript:

Davis Wright Tremaine LLP HIT Legal Issues: HIPAA Implications to a Regional Health Information Organization Becky Williams, R.N., J.D. Partner, Co-Chair, HIT/HIPAA Practice Group Davis Wright Tremaine LLP

Slide 2. HIPAA Analysis: Starting Point
- Identify those with access
  - Determine covered entity status
  - Determine other status (e.g., business associate)
- Examine the Flow of PHI within the RHIO
- Purposes of the PHI Flow
[Diagram labels: Covered Provider Covered Provider Covered Provider Non-Covered Provider Covered Provider Plan Covered Entity Non-Covered Third Party]

Slide 3. Ways to Disclose: TPO
- May disclose PHI for own
  - Treatment
  - Payment
  - Operations
- May disclose PHI for treatment activities of a health care provider (not necessarily a covered provider)
- May disclose PHI to provider or covered entity for payment purposes
- May disclose PHI to covered entity
  - For limited operations (e.g., QA, peer review, compliance)
  - If both have/had relationship with patient
  - If disclosure relates to relationship

Slide 4. Ways to Disclose: OHCA
- Medical Staff OHCA
- Community OHCA: organized system of health
  - More than one covered entity
  - Hold themselves out to the public as a joint arrangement
  - Participate in joint activities that include UR, QA or sharing of financial risk
- May disclose PHI to another covered entity in OHCA for OHCA health care operations

Slide 5. Ways to Disclose: Business Associate
- Business Associate provides services on behalf of a covered entity involving PHI
  - Examples: management, administration, data aggregation
  - Need BAC
- RHIO/ASP/ISP
  - May or may not be covered entity
  - May be a business associate (especially in a hub and spoke arrangement)

Slide 6. Ways to Disclose: Patient Authorization
- May not be necessary for most disclosures
  - Depends on participants
  - When in doubt, go with an authorization
- State law may present greatest challenges
  - May be more stringent on disclosures
  - May present problems with authorization
  - Requirements likely to vary with type of info (mental health, AIDS/HIV/STD, developmental disabilities, substance abuse)
  - Beware of federal substance abuse requirements
- May want to seek patient permission/acknowledgement
  - Puts patients on notice; helps to avoid surprises
  - Opportunity to request additional privacy protections

Slide 7. Ways to Disclose: Non-PHI
- De-identified data
  - May be aggregated/shared
  - Is it truly de-identified?
- Limited data sets
  - For public health, research or operations
  - Need data use agreement

Slide 8. Minimum Necessary
- May use, disclose or request only the minimum necessary information for the intended purpose
- RHIO members may rely on other members' representation if
  - All are covered entities and
  - Reliance is reasonable under the circumstances
- No minimum necessary for
  - Treatment
  - Authorization

Slide 9. Individual Rights
- General Issues
  - Need to determine responsibilities
  - Centralized v. de-centralized
- Access
  - If de-centralized, different providers may follow different rules
  - Want to put participants on notice
- Amendment
  - Provider to make determination
  - Process for making amendments system-wide
  - Need to preserve pre-amendment PHI
  - Need to track timing of amendments
  - Need to link to statement of disagreement/rebuttal

Slide 10. Individual Rights
- Accounting of disclosure
  - Most RHIO disclosures not subject to accounting
  - Who tracks?
- Request additional privacy protection
  - Covered entity has right to refuse
  - Accepted request Bound
  - Practical implication: Is RHIO bound?
  - Be aware of system limitations
- Notice of privacy practices
  - Want all participants to include description of community-wide system
  - Each party is responsible for contents/distribution of NPP
  - Joint NPPs need to be tracked

Slide 11. Administrative Responsibilities
- Training
  - Centralized v. decentralized
- Sanctions
  - Each member must have and use sanctions
  - Collaborative-wide sanctions
- Policies
  - Individual policies and procedures
  - Rules of the road

Slide 12. Security Standards
- Standards are scalable based on sophistication and resources of covered entity
- Security is only as good as the weakest link
- Minimum standards may be required (e.g., through user/license agreement)
- Systems protections for appropriate access
  - Identify relationship with patient
  - Break the glass
  - Audit/sanctions